authorTobias C. Berner <tcberner@FreeBSD.org>2020-08-13 17:10:30 +0000
committerTobias C. Berner <tcberner@FreeBSD.org>2020-08-13 17:10:30 +0000
commit0edfaee1ed970ab80a259d920b20cc1a2c0be6ba (patch)
treea300988022b47481632f3ac4326106c1d20ffb7b /archivers/ark
parenteab6fd195eb5c41f1d6fbe53a0d1f7a9af762712 (diff)
KDE's August 2020 Apps Update
Dozens of KDE apps are getting new releases from KDE’s release service. New features, usability improvements, re-designs and bug fixes all contribute to helping boost your productivity and making this new batch of applications more efficient and pleasant to use. Full announcement: https://kde.org/announcements/releases/2020-08-apps-update/
Notes
Notes: svn path=/head/; revision=544824
Diffstat (limited to 'archivers/ark')
-rw-r--r--archivers/ark/Makefile3
-rw-r--r--archivers/ark/distinfo6
-rw-r--r--archivers/ark/files/patch-git_0d595246
3 files changed, 4 insertions, 51 deletions
diff --git a/archivers/ark/Makefile b/archivers/ark/Makefile
index ccb83d480709..7a200dfcfaf5 100644
--- a/archivers/ark/Makefile
+++ b/archivers/ark/Makefile
@@ -2,7 +2,6 @@
PORTNAME= ark
DISTVERSION= ${KDE_APPLICATIONS_VERSION}
-PORTREVISION= 1
CATEGORIES= archivers kde kde-applications
MAINTAINER= kde@FreeBSD.org
@@ -42,6 +41,6 @@ ZIP_LIB_DEPENDS= libzip.so:archivers/libzip
ZIP_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_LibZip
# Override shared library version
-KDE_APPLICATIONS_SHLIB_VER=20.4.3
+KDE_APPLICATIONS_SHLIB_VER=20.8.0
.include <bsd.port.mk>
diff --git a/archivers/ark/distinfo b/archivers/ark/distinfo
index 507c979ec829..6353108cde90 100644
--- a/archivers/ark/distinfo
+++ b/archivers/ark/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1594146930
-SHA256 (KDE/release-service/20.04.3/ark-20.04.3.tar.xz) = e7251b0b6f12291ffbaa328bf7f8e101ebeef6fd110dabbcf76d8ad7cfd305bc
-SIZE (KDE/release-service/20.04.3/ark-20.04.3.tar.xz) = 2586436
+TIMESTAMP = 1596814078
+SHA256 (KDE/release-service/20.08.0/ark-20.08.0.tar.xz) = 7627ffa17466d31dfdedabaa07b491ce14b46041d04f8b20316a0fa731fab098
+SIZE (KDE/release-service/20.08.0/ark-20.08.0.tar.xz) = 2708180
diff --git a/archivers/ark/files/patch-git_0d5952 b/archivers/ark/files/patch-git_0d5952
deleted file mode 100644
index db355866686c..000000000000
--- a/archivers/ark/files/patch-git_0d5952
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0df592524fed305d6fbe74ddf8a196bc9ffdb92f Mon Sep 17 00:00:00 2001
-From: Elvis Angelaccio <elvis.angelaccio@kde.org>
-Date: Wed, 29 Jul 2020 23:45:30 +0200
-Subject: [PATCH] Fix vulnerability to path traversal attacks
-
-Ark was vulnerable to directory traversal attacks because of
-missing validation of file paths in the archive.
-
-More details about this attack are available at:
-https://github.com/snyk/zip-slip-vulnerability
-
-Job::onEntry() is the only place where we can safely check the path of
-every entry in the archive. There shouldn't be a valid reason
-to have a "../" in an archive path, so we can just play safe and abort
-the LoadJob if we detect such an entry. This makes impossibile to
-extract this kind of malicious archives and perform the attack.
-
-Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
-so that we can still allow loading of legitimate archives that
-contain "../" in their paths but still resolve inside the extraction folder.
----
- kerfuffle/jobs.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/kerfuffle/jobs.cpp b/kerfuffle/jobs.cpp
-index fdaa48695..f73b56f86 100644
---- kerfuffle/jobs.cpp
-+++ kerfuffle/jobs.cpp
-@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details)
-
- void Job::onEntry(Archive::Entry *entry)
- {
-+ const QString entryFullPath = entry->fullPath();
-+ if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
-+ qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
-+ onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
-+ onFinished(false);
-+ return;
-+ }
-+
- emit newEntry(entry);
- }
-
---
-GitLab
-